The UK National Cyber Security Centre (NCSC) has released guidance on ‘Mapping your supply chain’. This is aimed at medium to large organizations that need to gain confidence in their supply chain resilience.
Supply chain mapping (SCM) is defined in the guidance as the process of recording, storing and using information gathered from suppliers who are involved in a company’s supply chain.
Supply chain mapping follows the principles of all good risk management: organizations need to understand the risks inherent in their supply chain, and then introduce security measures that are in proportion to the likelihood (and impact) of those risks materialising. The goal is to have an up-to-date understanding of your network of suppliers, so that cyber risks can be managed more effectively and due diligence can be carried out.
The guidance covers:
- What is supply chain mapping?
- What information should SCM contain?
- Subcontractors in the supply chain
- Getting started